b'                       U.S. Environmental Protection Agency \t                                               09-P-0055\n                                                                                                      December 9, 2008\n                       Office of Inspector General\n\n\n                       At a Glance\n\n                                                                            Catalyst for Improving the Environment\n\n\nWhy We Did This Review            Results of Technical Network Vulnerability\nThe Office of Inspector\n                                  Assessment: EPA\xe2\x80\x99s National Computer Center\nGeneral contracted with\nWilliams, Adley & Company,         What Williams, Adley & Company, LLP, Found\nLLP, to conduct the annual\naudit of the U.S.                 Vulnerability testing of EPA\xe2\x80\x99s National Computer Center network identified\nEnvironmental Protection          Internet Protocol addresses with high-risk and medium-risk vulnerabilities.\nAgency\xe2\x80\x99s (EPA\xe2\x80\x99s) compliance       Although National Computer Center personnel have taken actions to remediate\nwith the Federal Information      some of the documented findings, several vulnerabilities (both high and medium)\nSecurity Management Act           still remain unresolved.\n(FISMA). Williams, Adley &\nCompany, LLP, conducted the        What Williams, Adley & Company, LLP, Recommends\nnetwork vulnerability testing\nof the Agency\xe2\x80\x99s local area        Williams, Adley & Company, LLP, recommends that the Director of the National\nnetwork located at EPA\xe2\x80\x99s          Computer Center:\nNational Computer Center in\nResearch Triangle Park, North     \xe2\x80\xa2\t Complete actions to address all unresolved vulnerability findings.\nCarolina.\n                                  \xe2\x80\xa2\t Update EPA\xe2\x80\x99s Automated Security Self Evaluation and Remediation\n                                     Tracking (ASSERT) system in accordance with the EPA Procedure for\nBackground                           Information Security Plans of Actions and Milestones for the vulnerabilities\n                                     not resolved within the required timeframes\nThe network vulnerability         \xe2\x80\xa2\t Perform a technical vulnerability assessment test of the National Computer\ntesting was conducted to             Center network and managed assets at the Las Vegas Radiation and Indoor\nidentify any network risk            Environments National Laboratory, within 30 days, to demonstrate and\nvulnerabilities and present the      document corrective actions that have resolved the vulnerabilities.\nresults to the appropriate EPA\nofficials to promptly             Due to the sensitive nature of this early warning report\xe2\x80\x99s technical findings, the\nremediate or document             full report is not available to the public.\nplanned actions to resolve the\nvulnerability.\n\n\n\nFor further information,\ncontact our Office of\nCongressional, Public Affairs,\nand Management at\n(202) 566-2391.\n\x0c'